CLAIMS

What is claimed is:

1. A method for achieving client to server end to end security guarantees, the method comprising:

employing a proxy between the client and the server to provide connection links between the client and the server;

embedding a secure coprocessor for use as an agent of the client and/or the server;

the coprocessor acting as a converter between at least one protocol the client supports and at least one other protocol supported by the server; and

employing respective security protocols of said at least one protocol and said at least one other protocol.
2. A method as recited in claim 1, wherein the coprocessor is located at the site of the proxy.



3. A method as recited in claim 1, further comprising the step of the coprocessor guaranteeing that an application embedded in the coprocessor performs to a degree of security proscribed by the client and/or server.
4. A method as recited in claim 1, further comprising the coprocessor assuring that the proxy can not tamper with the functioning of the agent.

5. A method as recited in claim 1, wherein the client is a pervasive computing device.

6. A method as recited in claim 1, further comprising the step of adapting content supplied by the client to fit constraints of the server and/or the connection links.

7. A method for providing secure communications on a network, the method comprising:

securely embedding an agent at a proxy in the network, and

splicing a plurality of secure communication protocols of different protocol suites into the agent.



8. A method as recited in claim 7, wherein the step of splicing includes splicing a security protocol of the Wireless Applications Protocol suite (WAP) to that of the Internet protocol (IP) suite.

9. A method as recited in claim 8, wherein the Wireless Applications Protocol suite is used by a pervasive computing device.
10. A method as recited in claim 7, further comprising the agent performing at least one content adaptation function.

11. A method as recited in claim 10, wherein the step of performing includes maintaining communication privacy.

12. A method as recited in claim 7, further comprising maintaining a state of a splicing process resulting from the step of splicing.

13. A method as recited in claim 12, wherein the step of maintaining includes employing a storage device external to the proxy, and using cryptographic means to encrypt the state.



14. A method for providing network security to a network employing a proxy, the method comprising:

embedding a trusted application in a secure coprocessor located at the site of a proxy; and

delegating to a networking infrastructure a task of enforcing a trust model.

15. A method as recited in claim 14, further comprising guaranteeing that the application is trusted to enforce the trust model between at least one server and a plurality of clients.

16. A method as recited in claim 14, further comprising assuring the tamper resistance of the application.

17. A method for secure communication between a client and a server employing an untrusted proxy, the method comprising:

embedding a coprocessor at the proxy;

the proxy receiving a specific communication request from a client;

the proxy forming an n-tuple for the specific communication;

the proxy forwarding the n-tuple to the coprocessor;

the coprocessor generating a response, including a directive, to the n-tuple;

the coprocessor sending the response to the proxy; and

the proxy implementing the directive.
18. A method of claim 17, wherein the coprocessor is a secure coprocessor.

19. A method of claim 17, wherein the step of receiving includes:

awaiting a connection request from a client;

creating an entry in a storage module for the client;

determining a sender of each received packet; and

retrieving a stored entry.

20. A method of claim 19, wherein the n-tuple includes a sender id, an entry from a storage module and the received packet.



21. A method of claim 17, wherein the client and the server can be either a sender or a receiver, and the step of generating includes employing a first protocol from the sender to the proxy and a second protocol from the proxy to the receiver and translating between the said first and second protocols.



22. A method of claim 21, wherein the translating includes decrypting the received packet as specified by the security parameters negotiated as per the first protocol and encrypting the decrypted packet as specified by the security parameters of the second protocol.
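The n-tuple flow of claims 17 to 22, as an added illustration that is not part of the patent: the proxy holds no keys and only forms the n-tuple (sender id, storage entry, received packet), while the coprocessor decrypts under the sender-side protocol's parameters, re-encrypts under the receiver-side parameters and returns a directive the proxy then carries out. The toy cipher, the key values and the class and function names are constructed stand-ins; a real deployment would use the record layers that WTLS and TLS negotiate.

```python
import hashlib, hmac, os

def _keystream(key, nonce, n):
    # Toy counter-mode keystream from HMAC-SHA256: a constructed stand-in for
    # the record cipher a real WTLS or TLS handshake negotiates. Not for production.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(params, plaintext, nonce=None):
    # Encrypt-then-MAC under one protocol's negotiated security parameters.
    nonce = nonce or os.urandom(12)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(params["enc"], nonce, len(plaintext))))
    return nonce + body + hmac.new(params["mac"], nonce + body, hashlib.sha256).digest()

def unseal(params, packet):
    # Verify the MAC before decrypting; a forged or corrupted packet is rejected.
    nonce, body, tag = packet[:12], packet[12:-32], packet[-32:]
    if not hmac.compare_digest(tag, hmac.new(params["mac"], nonce + body, hashlib.sha256).digest()):
        raise ValueError("MAC check failed")
    return bytes(a ^ b for a, b in zip(body, _keystream(params["enc"], nonce, len(body))))

class SecureCoprocessor:
    # Holds the security parameters of both protocols; the proxy never sees them.
    def __init__(self, params_by_endpoint):
        self._params = params_by_endpoint           # e.g. {"client": wtls, "server": tls}

    def generate_response(self, n_tuple):
        sender_id, entry, packet = n_tuple
        try:
            plain = unseal(self._params[sender_id], packet)        # first protocol (claim 22)
        except ValueError:
            return {"directive": "drop", "to": None, "packet": None}   # tampered: never forwarded
        plain = plain[: entry["max_len"]]                           # receiver constraint (claim 23)
        return {"directive": "forward", "to": entry["receiver"],
                "packet": seal(self._params[entry["receiver"]], plain)}  # second protocol

class UntrustedProxy:
    # Keyless relay: keeps per-client entries, builds n-tuples and obeys directives.
    def __init__(self, coprocessor):
        self._cop, self.storage, self.forwarded = coprocessor, {}, []

    def on_connect(self, client_id, receiver, max_len):
        self.storage[client_id] = {"receiver": receiver, "max_len": max_len}  # claim 19

    def on_packet(self, sender_id, packet):
        n_tuple = (sender_id, self.storage[sender_id], packet)     # claim 20
        resp = self._cop.generate_response(n_tuple)
        if resp["directive"] == "forward":
            self.forwarded.append((resp["to"], resp["packet"]))
        return resp["directive"]
```

The proxy can read neither the inbound nor the outbound packet, and a packet whose MAC fails under the first protocol yields a "drop" directive rather than a re-encrypted forward.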



23. A method of claim 21, wherein the translating includes modifying the received packet to meet constraints of the receiver and wherein the directive includes forwarding to the receiver the packet resulting from the step of modifying.



24. A method as recited in claim 23, further comprising aggregating a plurality of packets into a group of packets and performing content adaptation on the group of packets.

25. A method of claim 17, wherein the communication between the client and the proxy employs protocols specified by the Wireless Application Protocol suite (WAP).

26. A system to control security of a proxy interconnecting a client to a server, the system comprising:

a secure coprocessor used as an agent of the client and/or the server; and

an application embedded in the coprocessor which acts as a converter between at least one protocol the client supports and at least one other protocol supported by the server, wherein the secure coprocessor employs respective security protocols of said at least one protocol and said at least one other protocol.
27. A system as recited in claim 26, wherein the coprocessor is located at the site of the proxy.

28. A system as recited in claim 26, wherein the coprocessor performs functions to guarantee that an application embedded in the coprocessor performs to a degree of security proscribed by the client and/or server.

29. A system as recited in claim 26, wherein the coprocessor functions to assure that the proxy can not tamper with the functioning of the agent.



30. A system as recited in claim 26, wherein the application embedded in the coprocessor adapts content supplied by the server to fit constraints of the client and the connection links.

31. A system as recited in claim 26, wherein the application embedded in the coprocessor adapts content supplied by the client to fit constraints of the server and the connection links.

32. A system for providing network security to a network employing a proxy, the system comprising:

a secure coprocessor located at the site of a proxy; and

a trusted application embedded in the coprocessor, wherein the coprocessor delegates the task of enforcing an arbitrary trust model to the application.

33. A system as recited in claim 32, wherein the coprocessor functions to guarantee that the application is trusted to enforce the trust model between at least one server and a plurality of clients.

34. A system as recited in claim 33, where the coprocessor functions to assure the tamper resistance of the application.




35. An article of manufacture comprising a computer usable medium having computer readable program code means embodied therein for achieving client to server end to end security guarantees, the computer readable program code means in said article of manufacture comprising computer readable program code means for causing a computer to effect:

employing a proxy between the client and the server to provide connection links between the client and the server;

embedding a secure coprocessor for use as an agent of the client and/or the server;

the coprocessor acting as a converter between at least one protocol the client supports and at least one other protocol supported by the server; and

employing respective security protocols of said at least one protocol and said at least one other protocol.



36. An article of manufacture as recited in claim 35, the computer readable program code means in said article of manufacture further comprising computer readable program code means for causing a computer to effect the coprocessor guaranteeing that an application embedded in the coprocessor performs to a degree of security proscribed by the client and/or server.




37. An article of manufacture as recited in claim 35, the computer readable program code means in said article of manufacture further comprising computer readable program code means for causing a computer to effect the coprocessor assuring that the proxy can not tamper with the functioning of the agent.

38. An article of manufacture as recited in claim 35, the computer readable program code means in said article of manufacture further comprising computer readable program code means for causing a computer to effect the coprocessor adapting content supplied by the server to fit constraints of the client and/or the connection links.

39. An article of manufacture as recited in claim 35, the computer readable program code means in said article of manufacture further comprising computer readable program code means for causing a computer to effect the step of adapting content supplied by the client to fit constraints of the server and the connection links.

40. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for providing secure communication on a network, the computer readable program code means in said computer program product comprising computer readable program code means for causing a computer to effect:

securely embedding an agent at a proxy in the network, and

splicing a plurality of secure communication protocols of different protocol suites into the agent.

41. A computer program product as recited in claim 40, wherein the step of splicing includes splicing a security protocol of a Wireless Applications Protocol suite (WAP) to that of the Internet protocol (IP) suite.
42. A computer program product as recited in claim 40, wherein the splicing includes maintaining end to end security guarantees without a modification at the server.




43. A computer program product as recited in claim 40, the computer readable program code means in said computer program product further comprising computer readable program code means for causing a computer to effect the step of the agent performing at least one content adaptation function.

44. A computer program product as recited in claim 40, the computer readable program code means in said computer program product further comprising computer readable program code means for causing a computer to effect the step of maintaining a state of a splicing process resulting from the step of splicing.

45. A computer program product as recited in claim 44, wherein the step of maintaining includes employing a storage device external to the proxy, and using cryptographic means to encrypt the state.



46. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for providing network security to a network employing a proxy, the computer readable program code means in said computer program product comprising computer readable program code means for causing a computer to effect the steps of:

embedding a trusted application in a secure coprocessor located at the site of a proxy; and

delegating to a networking infrastructure a task of enforcing a trust model.

47. A computer program product as recited in claim 46, the computer readable program code means in said computer program product further comprising computer readable program code means for causing a computer to effect the step of guaranteeing that the application is trusted to enforce the trust model between at least one server and a plurality of clients.

48. A computer program product as recited in claim 46, the computer readable program code means in said computer program product further comprising computer readable program code means for causing a computer to effect the step of assuring the tamper resistance of the application.



49. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps for secure communication between a client and a server employing an untrusted proxy, said method steps comprising:

embedding a coprocessor at the proxy;

the proxy receiving a specific communication request from a client;

the proxy forming an n-tuple for the specific communication;

the proxy forwarding the n-tuple to the coprocessor;

the coprocessor generating a response, including a directive, to the n-tuple;

the coprocessor sending the response to the proxy; and

the proxy implementing the directive.

50. A program storage device readable by machine as recited in claim 49, wherein the coprocessor is a secure coprocessor.

51. A program storage device readable by machine as recited in claim 49, wherein the step of receiving includes:

awaiting a connection request from a first client;

creating an entry in a storage module for the client;

determining a sender of each received packet; and

retrieving a stored entry.

52. A program storage device readable by machine as recited in claim 49, wherein the n-tuple includes a sender id, an entry from a storage module and the received packet.
53. A program storage device readable by machine as recited in claim 49, wherein the client and the server can be either a sender or a receiver, and the step of generating includes employing a first protocol from the sender to the proxy and a second protocol from the proxy to the receiver and translating between the first and second protocols.

54. A program storage device readable by machine as recited in claim 49, wherein the translating includes decrypting the received packet as specified by the security parameters negotiated as per the first protocol and encrypting the decrypted packet as specified by the security parameters of the second protocol.



55. A program storage device readable by machine as recited in claim 53, wherein the translating includes modifying the received packet to meet constraints of the receiver and wherein the directive includes forwarding to the receiver the packet resulting from the step of modifying.

56. A program storage device readable by machine as recited in claim 55, said method steps further comprising the step of aggregating a plurality of packets into a group of packets and performing content adaptation on the group of packets.

57. A program storage device readable by machine as recited in claim 49, wherein the communication between the client and the proxy employs protocols specified by the Wireless Application Protocol.
58. A method as recited in claim 1, further comprising the step of the coprocessor adapting content supplied by the server to fit constraints of the client and/or the connection links.

59. A method as recited in claim 7, wherein the splicing includes maintaining end to end security guarantees without a modification to a server involved in the communications.